Merge remote-tracking branch 'origin/dev' into feat/types

ymc9 · ymc9 · commit 9ac70f7ca09f · 2024-11-03T10:25:06.000-08:00
diff --git a/packages/plugins/swr/src/runtime/index.ts b/packages/plugins/swr/src/runtime/index.ts
@@ -7,7 +7,6 @@ import {
     type ModelMeta,
     type PrismaWriteActionType,
 } from '@zenstackhq/runtime/cross';
-import * as crossFetch from 'cross-fetch';
 import { lowerCaseFirst } from 'lower-case-first';
 import { createContext, useContext } from 'react';
 import type { Cache, Fetcher, SWRConfiguration, SWRResponse } from 'swr';
@@ -376,10 +375,19 @@ export function useInvalidation(model: string, modelMeta: ModelMeta): Invalidato
 export async function fetcher<R, C extends boolean>(
     url: string,
     options?: RequestInit,
-    fetch?: FetchFn,
+    customFetch?: FetchFn,
     checkReadBack?: C
 ): Promise<C extends true ? R | undefined : R> {
-    const _fetch = fetch ?? crossFetch.fetch;
+    // Note: 'cross-fetch' is supposed to handle fetch compatibility
+    // but it doesn't work for cloudflare workers
+    const _fetch =
+        customFetch ??
+        // check if fetch is available globally
+        (typeof fetch === 'function'
+            ? fetch
+            : // fallback to 'cross-fetch' if otherwise
+              (await import('cross-fetch')).default);
+
     const res = await _fetch(url, options);
     if (!res.ok) {
         const errData = unmarshal(await res.text());
@@ -420,7 +428,7 @@ function marshal(value: unknown) {
 
 function unmarshal(value: string) {
     const parsed = JSON.parse(value);
-    if (parsed.data && parsed.meta?.serialization) {
+    if (typeof parsed === 'object' && parsed?.data && parsed?.meta?.serialization) {
         const deserializedData = deserialize(parsed.data, parsed.meta.serialization);
         return { ...parsed, data: deserializedData };
     } else {
diff --git a/packages/plugins/tanstack-query/src/runtime/common.ts b/packages/plugins/tanstack-query/src/runtime/common.ts
@@ -8,7 +8,6 @@ import {
     type ModelMeta,
     type PrismaWriteActionType,
 } from '@zenstackhq/runtime/cross';
-import * as crossFetch from 'cross-fetch';
 
 /**
  * The default query endpoint.
@@ -133,10 +132,19 @@ export type APIContext = {
 export async function fetcher<R, C extends boolean>(
     url: string,
     options?: RequestInit,
-    fetch?: FetchFn,
+    customFetch?: FetchFn,
     checkReadBack?: C
 ): Promise<C extends true ? R | undefined : R> {
-    const _fetch = fetch ?? crossFetch.fetch;
+    // Note: 'cross-fetch' is supposed to handle fetch compatibility
+    // but it doesn't work for cloudflare workers
+    const _fetch =
+        customFetch ??
+        // check if fetch is available globally
+        (typeof fetch === 'function'
+            ? fetch
+            : // fallback to 'cross-fetch' if otherwise
+              (await import('cross-fetch')).default);
+
     const res = await _fetch(url, options);
     if (!res.ok) {
         const errData = unmarshal(await res.text());
@@ -213,7 +221,7 @@ export function marshal(value: unknown) {
 
 export function unmarshal(value: string) {
     const parsed = JSON.parse(value);
-    if (parsed.data && parsed.meta?.serialization) {
+    if (typeof parsed === 'object' && parsed?.data && parsed?.meta?.serialization) {
         const deserializedData = deserialize(parsed.data, parsed.meta.serialization);
         return { ...parsed, data: deserializedData };
     } else {
diff --git a/packages/runtime/src/enhancements/node/delegate.ts b/packages/runtime/src/enhancements/node/delegate.ts
@@ -93,7 +93,7 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {
 
         if (args.orderBy) {
             // `orderBy` may contain fields from base types
-            this.injectWhereHierarchy(this.model, args.orderBy);
+            enumerate(args.orderBy).forEach((item) => this.injectWhereHierarchy(model, item));
         }
 
         if (this.options.logPrismaQuery) {
@@ -206,7 +206,9 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {
                     if (fieldValue !== undefined) {
                         if (fieldValue.orderBy) {
                             // `orderBy` may contain fields from base types
-                            this.injectWhereHierarchy(fieldInfo.type, fieldValue.orderBy);
+                            enumerate(fieldValue.orderBy).forEach((item) =>
+                                this.injectWhereHierarchy(fieldInfo.type, item)
+                            );
                         }
 
                         if (this.injectBaseFieldSelect(model, field, fieldValue, args, kind)) {
@@ -1037,7 +1039,7 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {
         }
 
         if (args.orderBy) {
-            this.injectWhereHierarchy(this.model, args.orderBy);
+            enumerate(args.orderBy).forEach((item) => this.injectWhereHierarchy(this.model, item));
         }
 
         if (args.where) {
diff --git a/packages/runtime/src/enhancements/node/policy/policy-utils.ts b/packages/runtime/src/enhancements/node/policy/policy-utils.ts
@@ -3,6 +3,7 @@
 import deepmerge from 'deepmerge';
 import { isPlainObject } from 'is-plain-object';
 import { lowerCaseFirst } from 'lower-case-first';
+import traverse from 'traverse';
 import { upperCaseFirst } from 'upper-case-first';
 import { z, type ZodError, type ZodObject, type ZodSchema } from 'zod';
 import { fromZodError } from 'zod-validation-error';
@@ -31,7 +32,15 @@ import { getVersion } from '../../../version';
 import type { InternalEnhancementOptions } from '../create-enhancement';
 import { Logger } from '../logger';
 import { QueryUtils } from '../query-utils';
-import type { EntityChecker, ModelPolicyDef, PermissionCheckerFunc, PolicyDef, PolicyFunc } from '../types';
+import type {
+    DelegateConstraint,
+    EntityChecker,
+    ModelPolicyDef,
+    PermissionCheckerFunc,
+    PolicyDef,
+    PolicyFunc,
+    VariableConstraint,
+} from '../types';
 import { formatObject, prismaClientKnownRequestError } from '../utils';
 
 /**
@@ -667,7 +676,47 @@ export class PolicyUtil extends QueryUtils {
         }
 
         // call checker function
-        return checker({ user: this.user });
+        let result = checker({ user: this.user });
+
+        // the constraint may contain "delegate" ones that should be resolved
+        // by evaluating the corresponding checker of the delegated models
+
+        const isVariableConstraint = (value: any): value is VariableConstraint => {
+            return value && typeof value === 'object' && value.kind === 'variable';
+        };
+
+        const isDelegateConstraint = (value: any): value is DelegateConstraint => {
+            return value && typeof value === 'object' && value.kind === 'delegate';
+        };
+
+        // here we prefix the constraint variables coming from delegated checkers
+        // with the relation field name to avoid conflicts
+        const prefixConstraintVariables = (constraint: unknown, prefix: string) => {
+            return traverse(constraint).map(function (value) {
+                if (isVariableConstraint(value)) {
+                    this.update(
+                        {
+                            ...value,
+                            name: `${prefix}${value.name}`,
+                        },
+                        true
+                    );
+                }
+            });
+        };
+
+        // eslint-disable-next-line @typescript-eslint/no-this-alias
+        const that = this;
+        result = traverse(result).forEach(function (value) {
+            if (isDelegateConstraint(value)) {
+                const { model: delegateModel, relation, operation: delegateOp } = value;
+                let newValue = that.getCheckerConstraint(delegateModel, delegateOp ?? operation);
+                newValue = prefixConstraintVariables(newValue, `${relation}.`);
+                this.update(newValue, true);
+            }
+        });
+
+        return result;
     }
 
     //#endregion
diff --git a/packages/runtime/src/enhancements/node/types.ts b/packages/runtime/src/enhancements/node/types.ts
@@ -18,6 +18,11 @@ export interface CommonEnhancementOptions {
     prismaModule?: any;
 }
 
+/**
+ * CRUD operations
+ */
+export type CRUD = 'create' | 'read' | 'update' | 'delete';
+
 /**
  * Function for getting policy guard with a given context
  */
@@ -74,14 +79,26 @@ export type LogicalConstraint = {
     children: PermissionCheckerConstraint[];
 };
 
+/**
+ * Constraint delegated to another model through `check()` function call
+ * on a relation field.
+ */
+export type DelegateConstraint = {
+    kind: 'delegate';
+    model: string;
+    relation: string;
+    operation?: CRUD;
+};
+
 /**
  * Operation allowability checking constraint
  */
 export type PermissionCheckerConstraint =
     | ValueConstraint
     | VariableConstraint
     | ComparisonConstraint
-    | LogicalConstraint;
+    | LogicalConstraint
+    | DelegateConstraint;
 
 /**
  * Policy definition
diff --git a/packages/schema/src/cli/actions/repl.ts b/packages/schema/src/cli/actions/repl.ts
@@ -9,13 +9,18 @@ import { inspect } from 'util';
 /**
  * CLI action for starting a REPL session
  */
-export async function repl(projectPath: string, options: { prismaClient?: string; debug?: boolean; table?: boolean }) {
+export async function repl(
+    projectPath: string,
+    options: { loadPath?: string; prismaClient?: string; debug?: boolean; table?: boolean }
+) {
     if (!process?.stdout?.isTTY && process?.versions?.bun) {
-        console.error('REPL on Bun is only available in a TTY terminal at this time. Please use npm/npx to run the command in this context instead of bun/bunx.');
+        console.error(
+            'REPL on Bun is only available in a TTY terminal at this time. Please use npm/npx to run the command in this context instead of bun/bunx.'
+        );
         return;
     }
 
-    const prettyRepl = await import('pretty-repl')
+    const prettyRepl = await import('pretty-repl');
 
     console.log('Welcome to ZenStack REPL. See help with the ".help" command.');
     console.log('Global variables:');
@@ -47,7 +52,9 @@ export async function repl(projectPath: string, options: { prismaClient?: string
         }
     }
 
-    const { enhance } = require('@zenstackhq/runtime');
+    const { enhance } = options.loadPath
+        ? require(path.join(path.resolve(options.loadPath), 'enhance'))
+        : require('@zenstackhq/runtime');
 
     let debug = !!options.debug;
     let table = !!options.table;
@@ -63,7 +70,11 @@ export async function repl(projectPath: string, options: { prismaClient?: string
                 let r: any = undefined;
                 let isPrismaCall = false;
 
-                if (cmd.includes('await ')) {
+                if (/^\s*user\s*=[^=]/.test(cmd)) {
+                    // assigning to user variable, reset auth
+                    eval(cmd);
+                    setAuth(user);
+                } else if (/^\s*await\s+/.test(cmd)) {
                     // eval can't handle top-level await, so we wrap it in an async function
                     cmd = `(async () => (${cmd}))()`;
                     r = eval(cmd);
@@ -137,14 +148,18 @@ export async function repl(projectPath: string, options: { prismaClient?: string
 
     // .auth command
     replServer.defineCommand('auth', {
-        help: 'Set current user. Run without argument to switch to anonymous. Pass an user object to set current user.',
+        help: 'Set current user. Run without argument to switch to anonymous. Pass an user object to set current user. Run ".auth info" to show current user.',
         action(value: string) {
             this.clearBufferedCommand();
             try {
                 if (!value?.trim()) {
                     // set anonymous
                     setAuth(undefined);
                     console.log(`Auth user: anonymous. Use ".auth { id: ... }" to change.`);
+                } else if (value.trim() === 'info') {
+                    // refresh auth user
+                    setAuth(user);
+                    console.log(`Current user: ${user ? inspect(user) : 'anonymous'}`);
                 } else {
                     // set current user
                     const user = eval(`(${value})`);
diff --git a/packages/schema/src/cli/index.ts b/packages/schema/src/cli/index.ts
@@ -133,7 +133,8 @@ export function createProgram() {
     program
         .command('repl')
         .description('Start a REPL session.')
-        .option('--prisma-client <module>', 'path to Prisma client module')
+        .option('--load-path <path>', 'path to load modules generated by ZenStack')
+        .option('--prisma-client <path>', 'path to Prisma client module')
         .option('--debug', 'enable debug output')
         .option('--table', 'enable table format output')
         .action(replAction);
diff --git a/packages/schema/src/plugins/enhancer/policy/constraint-transformer.ts b/packages/schema/src/plugins/enhancer/policy/constraint-transformer.ts
@@ -1,4 +1,6 @@
 import {
+    PluginError,
+    getLiteral,
     getRelationKeyPairs,
     isAuthInvocation,
     isDataModelFieldReference,
@@ -7,9 +9,11 @@ import {
 import {
     BinaryExpr,
     BooleanLiteral,
+    DataModel,
     DataModelField,
     Expression,
     ExpressionType,
+    InvocationExpr,
     LiteralExpr,
     MemberAccessExpr,
     NumberLiteral,
@@ -27,6 +31,8 @@ import {
     isUnaryExpr,
 } from '@zenstackhq/sdk/ast';
 import { P, match } from 'ts-pattern';
+import { name } from '..';
+import { isCheckInvocation } from '../../../utils/ast-utils';
 
 /**
  * Options for {@link ConstraintTransformer}.
@@ -107,6 +113,8 @@ export class ConstraintTransformer {
                 .when(isReferenceExpr, (expr) => this.transformReference(expr))
                 // top-level boolean member access expr
                 .when(isMemberAccessExpr, (expr) => this.transformMemberAccess(expr))
+                // `check()` invocation on a relation field
+                .when(isCheckInvocation, (expr) => this.transformCheckInvocation(expr as InvocationExpr))
                 .otherwise(() => this.nextVar())
         );
     }
@@ -259,6 +267,30 @@ export class ConstraintTransformer {
         return undefined;
     }
 
+    private transformCheckInvocation(expr: InvocationExpr) {
+        // transform `check()` invocation to a special "delegate" constraint kind
+        // to be evaluated at runtime
+
+        const field = expr.args[0].value as ReferenceExpr;
+        if (!field) {
+            throw new PluginError(name, 'Invalid check invocation');
+        }
+        const fieldType = field.$resolvedType?.decl as DataModel;
+
+        let operation: string | undefined = undefined;
+        if (expr.args[1]) {
+            operation = getLiteral<string>(expr.args[1].value);
+        }
+
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const result: any = { kind: 'delegate', model: fieldType.name, relation: field.target.$refText };
+        if (operation) {
+            // operation can be explicitly specified or inferred from the context
+            result.operation = operation;
+        }
+        return JSON.stringify(result);
+    }
+
     // normalize `auth()` access undefined value to null
     private normalizeToNull(expr: string) {
         return `(${expr} ?? null)`;
diff --git a/packages/schema/src/plugins/prisma/schema-generator.ts b/packages/schema/src/plugins/prisma/schema-generator.ts
diff --git a/tests/integration/tests/enhancements/with-delegate/enhanced-client.test.ts b/tests/integration/tests/enhancements/with-delegate/enhanced-client.test.ts
diff --git a/tests/integration/tests/enhancements/with-policy/checker.test.ts b/tests/integration/tests/enhancements/with-policy/checker.test.ts
diff --git a/tests/regression/tests/issue-1755.test.ts b/tests/regression/tests/issue-1755.test.ts

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {`
`93`	`93`
`94`	`94`	`if (args.orderBy) {`
`95`	`95`	// `orderBy` may contain fields from base types
`96`		`- this.injectWhereHierarchy(this.model, args.orderBy);`
	`96`	`+ enumerate(args.orderBy).forEach((item) => this.injectWhereHierarchy(model, item));`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`if (this.options.logPrismaQuery) {`
`@@ -206,7 +206,9 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {`
`206`	`206`	`if (fieldValue !== undefined) {`
`207`	`207`	`if (fieldValue.orderBy) {`
`208`	`208`	// `orderBy` may contain fields from base types
`209`		`- this.injectWhereHierarchy(fieldInfo.type, fieldValue.orderBy);`
	`209`	`+ enumerate(fieldValue.orderBy).forEach((item) =>`
	`210`	`+ this.injectWhereHierarchy(fieldInfo.type, item)`
	`211`	`+ );`
`210`	`212`	`}`
`211`	`213`
`212`	`214`	`if (this.injectBaseFieldSelect(model, field, fieldValue, args, kind)) {`
`@@ -1037,7 +1039,7 @@ export class DelegateProxyHandler extends DefaultPrismaProxyHandler {`
`1037`	`1039`	`}`
`1038`	`1040`
`1039`	`1041`	`if (args.orderBy) {`
`1040`		`- this.injectWhereHierarchy(this.model, args.orderBy);`
	`1042`	`+ enumerate(args.orderBy).forEach((item) => this.injectWhereHierarchy(this.model, item));`
`1041`	`1043`	`}`
`1042`	`1044`
`1043`	`1045`	`if (args.where) {`